“A security advisory was just published! Should I hurry and upgrade all my Cisco devices now?”
This is a question that I am being asked by customers on a regular basis. In fact, I am also asked why there are so many security vulnerability advisories. To start with the second question: Cisco is committed to protecting customers by sharing critical security-related information in a very transparent way. Even if security vulnerabilities are found internally, the Cisco Product Security Incident Response Team (PSIRT) – which is my team – investigates, drives to resolution, and discloses such vulnerabilities. To quickly answer the first question, don’t panic, as you may not have to immediately upgrade your device. However, in this article I will discuss some of the guidelines and best practices for responding to Cisco security vulnerability reports.
Tags: advisories, CVSS, cybersecurity, exploits, incident response, malware, psirt, security advisories, security advisory, security notice, security notices, security top of mind, vulnerability
March 14 – 15 marked the National Finals Competition of CyberPatriot, the largest high school cyber defense competition in the United States.
With students crowded around laptops, routers and clocks counting down, teams were given a business scenario. Told that they were newly hired IT professionals managing the network of a small company, they were given 12 virtual machines that they had to wipe of the most vulnerabilities in the shortest amount of time.
Taking place just outside of Washington, D.C., as the teams raced to defend their networks from attack, the event resembled a scene out of the show 24. And if it showed us anything, it’s that our future cybersecurity workforce is bright.
Tags: cyberpatriot, cybersecurity, defense, edchat, edtech, military, stem
RSA 2013 ends and I both miss it and breathe a sigh of relief that it’s over. Let me explain. As a security guy, it’s nice to be around other security like-minded people. We all speak the language. You needn’t really justify why you are worried about things most people have never heard of. It’s exciting to see so many people try so many different things, be it startups, big companies, or inspired individuals. It’s great to see government employees, corporate executives, and pony-tailed security geeks all talking to one another. In a slightly strange way, it’s therapeutic.
That said, RSA is an incredibly intense week, and this year’s conference was no exception. In four-and-a-half full days (and this is just my schedule), I had:
- Eight customer meetings
- Eight dinners (working out to 1.78 dinners per day.)
- Four press interviews: two on-record, one background, one live videocast via Google+
- Four bizdev/company review meetings
- Two panels
- Two analyst interviews
- Two partner meetings
- One customer breakfast talk along with Chris Young
And this doesn’t include the countless run-ins with friends, a quick word here or there, and emails that all have to be managed along the way. In some respects, you don’t get enough time with really good friends (if there really is such a thing as enough time for such people in our lives), and in the end, it’s a huge blur from meeting to meeting.
I posed a question in my blog earlier this year: Are we making progress in cyber security? I say yes, yet not nearly enough, and now I am thinking hard about how to change it before RSA 2014.
Tags: Chris Young, cyber security, cybersecurity, John N. Stewart, John Stewart, RSA, RSA 2013
Here I sit… In Mel’s Drive-In Diner, San Francisco, CA. I just inhaled the “El Ranchero Americano”, which I am sure to regret later, and am enjoying tunes from yester-year complete with Doo-Wop and Presley. You may ask, “Why do I care…?” Well, before this turns into an episode with Anthony Bourdain, I will let you know that I am in ‘The City’ attending RSA Conference 2013.
Allow me to give you a quick background. RSA’s goal is to connect security professionals from around the world in order to continue the growth and importance of security as technology aggressively expands. RSA started these conferences in 1991 when internet security really became a topic of discussion. Everyone who is anyone is here, from start-up companies to our own Cisco.
Again, you might ask, “What’s the big deal?” I listened to a keynote by Vint Cerf, widely known as ‘The Father of the Web’; he gave an ‘If you can imagine…’ speech. In this talk, he said if we could imagine our refrigerator being able to ‘talk’ to us… explore the internet for recipes in which the ingredients are what we currently have in the fridge and have a list of those recipes ready for us on the door or emailed to us. Pictures on our refrigerator being streamed live from our loved ones as they are posted on various social media sites, keeping us in the loop with our families across the world… It’s not ‘If’, it’s most certainly ‘when’… We are currently living in the era of the ‘Internet of Everything’.
With this, though, comes the most important element: Security. How? How do we secure all of our information as we move forward? How do we secure billions of people while maintaining a ‘free moving internet?’ That’s why we’re here. We are here to discuss current security initiatives, evolving ideas, and the gaps in our current security… We are here to protect you.
As we move forward, it is absolutely essential to protect our ‘freedom’ to use the internet anytime, anywhere, and on any device. There are professionals working tirelessly in order to maintain that connectivity, and conversely, there are just as many trying to take our freedom away by disrupting our service and ‘stealing’ our personal information for their personal gain.
In our progression to ‘work our way’ in every way, we must stay vigilant and always on guard. I don’t know about you, but I do enjoy my flexibility and I also know I can sleep well at night knowing that there are people invested in my cybersecurity safety.
Until next time.
Tags: 21st Century Government, Cisco, cybersecurity, government, Internet of Everything, IoE, RSA Conference 2013, security
I really love my mobile devices, my iPhone, iPod, and rPod.
What’s an rPod, you ask? It’s my mobile getaway vehicle.
I can get access to mobile apps, listen to music, and enjoy a getaway to the coast. These devices are not just for fun, though; they are powerful tools that allow me to telework from home or, in reality, anywhere and anytime. My mobile apps include my email, calendar, WebEx, Jabber and other apps required for me to do my job. I’m more productive, it’s more cost-effective, and very flexible. And, it’s secure.
This week, I’m attending the RSA security conference in San Francisco. Mobile device security and cyber security are some of the hot topics in the keynotes, special government sessions, and throughout the event. I’m able to attend this event to learn about the new technologies available to secure mobile devices and cloud and also the expanding cybersecurity threats. At the same time, I’m productive, mobile and secure.
Next week, like most every week, I will be teleworking. Please join me and more than 100,000 others to support Telework Week.
Cisco, in partnership with the Mobile Work Exchange, is a proud supporter of Telework Week from March 4-8. Telework Week 2013 is a global effort to encourage government agencies, business organizations, and individuals to pledge to telework anytime during this week. Please take a minute to visit this site to learn more about the benefits of Telework, pledge to support this initiative, and use the calculator to estimate savings. I have been teleworking for nearly 20 years and plan to continue to enjoy the benefits of mobility and telework for years to come.
Tags: Bring your Own Device (BYOD), citizen services, cybersecurity, Mobile Government, telework